Debsign

Debsign task

This is a signing task that signs a debian:upload artifact on a signing worker. It is separate from the Sign task because signing uploads is a customized operation involving signing multiple files and updating the .changes file.

The task_data for this task may contain the following keys:

• unsigned (Single lookup, required): the debian:upload artifact whose contents should be signed

• key (string, required): the fingerprint of the debusine:signing-key asset to sign the upload with, which must have purpose openpgp

The output will be provided as a debian:upload artifact, with relates-to relations to the unsigned artifact.

The .changes file has additional audit-trail fields added:

• Debusine-User: A URL for the user who created the signing task.

• Debusine-Work-Request: A URL for the signing task work request.

• Debusine-Workflow: A URL for the workflow that the signing task was part of. Not present if it was a stand-alone task.

Used by the package_upload workflow.